Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Decision Optimization in IBM Cloud Pak for Data

Summary

There are multiple vulnerabilities in Golang Go used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

IBM strongly suggests to upgrade to IBM Decision Optimization in IBM Cloud Pak for Data 4.6.1 or higher, using the Operator upgrade process described in the IBM Documentation:

<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=u-upgrading-from-version-46-8&gt;

Workarounds and Mitigations

None